GRC Specialist - Public Sector, IT Operations

Job in Orlando, Orange County, Florida, 32885, USA
Listing for: BDO USA
Full Time position
Listed on 2026-01-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
JOB DESCRIPTION

The Governance Risk & Compliance (GRC) Specialist leads the development, ongoing implementation, and continuous improvement of cybersecurity and compliance programs for the firm’s Public Sector business line. This role is instrumental in maintaining alignment with federal frameworks such as NIST SP 800-171, CMMC, and FedRAMP.
Job Duties

  • Implements and optimizes programs aligned with NIST SP 800-171, CMMC, FedRAMP, and other applicable frameworks
  • Develops and maintains System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms), and other artifacts for audit readiness
  • Evaluates contracts, Statements of Work, and vendor agreements for applicable requirements
  • Performs enterprise-wide risk assessments, vulnerability analyses, threat modeling, and control testing
  • Leads drafting, revision, and lifecycle management of IT policies, procedures and memos in alignment with NIST SP 800-171 and CMMC requirements
  • Maintains compliance dashboards, evidence repositories, and control libraries
  • Manages Change Control Board processes and policy change workflows
  • Analyzes audit findings and continuous monitoring data to assess impact on CMMC maturity and enterprise cybersecurity effectiveness
  • Collaborates with other business lines to ensure that new and existing systems, services, and vendor practices comply with information safeguarding requirements and other organizational requirements
  • Ensures organizational policies reflect current regulatory and contractual obligations
  • Translates complex technical and compliance information into actionable guidance for non‑technical stakeholders
  • Monitors changes in federal cybersecurity laws, standards, and frameworks relevant to CUI protection
  • Liaises across IT, Legal, HR, Procurement, and other departments to ensure GRC practices are integrated
  • Assesses whether security incidents meet thresholds for regulatory noncompliance, and coordinates appropriate organizational response
  • Develops and maintains multi‑year strategic plans and implementation roadmaps that align with cybersecurity objectives
  • Other duties as required
Supervisory Responsibilities

  • Directs day-to-day activities/workload of staff, as needed
Qualifications, Knowledge, Skills, and Abilities:

Education

  • High school diploma or GED, required
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, or Computer Engineering, preferred
Experience

  • Three (3) or more years of experience developing or managing cybersecurity compliance programs aligned with NIST or similar federal cybersecurity frameworks, required
License/Certifications

  • Industry‑recognized certifications, such as CISM, CASP+, CISSP, CISA, Security+, or other IT credentials demonstrating knowledge management fundamentals, preferred
Other Knowledge, Skills, And Abilities

  • Strong verbal and written communication skills
  • Excellent interpersonal and customer relationship skills
  • Capacity to work in a deadline-driven environment while handling multiple complex projects/tasks simultaneously with a focus on details
  • Capable of successfully multi-tasking while working independently or within a group environment
  • Knowledge of FedRAMP, NIST SP 800-53, NIST SP 800-171, NIST CSF, Cybersecurity Maturity Model Certification (CMMC)
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
  • Knowledge of cyber threats and vulnerabilities
  • Knowledge of applicable…